package org.example.gradlespringbootadmin;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import de.codecentric.boot.admin.server.config.EnableAdminServer;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;

import java.net.URI;

/**
 * <a href="https://docs.spring-boot-admin.com/3.3.2/getting-started.html">学习参考网址</a>
 * <a href="https://docs.spring-boot-admin.com/3.5.6/docs/actuator-endpoints-overview">Actuator Endpoints</a>
 * 由于为了方便直接放在这个项目里了，实际应该单独一个项目 应用部署
 * 参考UI类
 * {@link de.codecentric.boot.admin.server.ui.web.UiController}
 *
 * 最简单的作用是检测高可用分布式项目中 注册端点是否齐全等
 */
@Configuration(proxyBeanMethods = false)
@EnableAutoConfiguration
@EnableDiscoveryClient
@EnableAdminServer
public class GradleSpringBootAdminApplication {

    private final AdminServerProperties adminServer;

    public GradleSpringBootAdminApplication(AdminServerProperties adminServer) {
        this.adminServer = adminServer;
    }

    public static void main(String[] args) {
        SpringApplication.run(GradleSpringBootAdminApplication.class, args);
    }


    @Bean
    public SecurityWebFilterChain securityWebFilterChainSecure(ServerHttpSecurity http) {
        return http
                .authorizeExchange(
                        (authorizeExchange) -> authorizeExchange.pathMatchers(this.adminServer.path("/assets/**"))
                                .permitAll()
                                .pathMatchers("/actuator/health/**")
                                .permitAll()
                                .pathMatchers(this.adminServer.path("/login"))
                                .permitAll()
                                .anyExchange()
                                .authenticated())
                .formLogin((formLogin) -> formLogin.loginPage(this.adminServer.path("/login"))
                        .authenticationSuccessHandler(loginSuccessHandler(this.adminServer.path("/"))))
                .logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout"))
                        .logoutSuccessHandler(logoutSuccessHandler(this.adminServer.path("/login?logout"))))
                .httpBasic(Customizer.withDefaults())
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .build();
    }

    // The following two methods are only required when setting a custom base-path (see
    // 'basepath' profile in application.yml)
    private ServerLogoutSuccessHandler logoutSuccessHandler(String uri) {
        RedirectServerLogoutSuccessHandler successHandler = new RedirectServerLogoutSuccessHandler();
        successHandler.setLogoutSuccessUrl(URI.create(uri));
        return successHandler;
    }

    private ServerAuthenticationSuccessHandler loginSuccessHandler(String uri) {
        RedirectServerAuthenticationSuccessHandler successHandler = new RedirectServerAuthenticationSuccessHandler();
        successHandler.setLocation(URI.create(uri));
        return successHandler;
    }


}
